The IT Nerd

Neosec, the pioneer in discovering and identifying API threats using behavioral analytics, today announced the availability of ShadowHunt, an expert-staffed managed threat hunting service to augment its platform with human oversight from active threat hunters to identify the most clandestine and obfuscated API abuse. Borrowing from threat hunting capabilities in EDR and XDR, Neosec brings similar techniques to API security. ShadowHunt gives security teams peace of mind that API security experts are examining abnormal behavior on their API estate.

Combining the ShadowHunt service with the Neosec cloud-based platform enables organizations to manage the increasing risk to core business systems, assets and data from manipulation, theft or misuse. The service is ideal for companies where security teams are short-staffed or lack the expertise needed to identify threats in business API traffic, because APIs are increasingly used to connect important business systems to customers, suppliers, and partners.

Rather than focusing only on vulnerabilities within APIs, the Neosec platform addresses the problem by first automatically and continually identifying all APIs a company has in use, evaluating their risk posture and monitoring user behavioral anomalies that could involve data theft or other misuse. Most companies lack a complete API  inventory, let alone understand the nature of normal API usage. Few have the ability to monitor their APIs to mitigate loss or detect abuse of business processes, financial assets and data within their APIs. Now, the ShadowHunt service can augment use of the Neosec platform with a team of experts to respond to findings quickly, investigate potential threats and recommend immediate remediation and actions.

Besides the incidents and alerts provided by the dedicated expert team of threat hunters, the ShadowHunt service also includes a monthly report to summarize findings and investigations performed by the team, news of emerging API threats discovered by Neosec across many different companies and notable changes in the use and operation of APIs currently employed by a company. The service also includes full “Ask the Experts” access to the team of threat hunters.

The ShadowHunt service and the Neosec platform together provide an effective way to quickly incorporate full monitoring and investigation of anomalous business API usage without impacting existing security operations and team workload. The combination can add protection against vulnerability exploits and API business abuse quickly and transparently. 

For more information, you can view this datasheet: ShadowHunt Managed Threat Hunting

Cybrella, a leading provider of specialized cybersecurity professional services utilizing in-depth knowledge of the attack landscape, today announced a partnership with Neosec to provide AI-based API security as part of the company’s services. The new partnership enables Cybrella’s customers to discover all APIs in use across their organization, analyze the behavior of those APIs, and prevent abuse or cyberthreats that may be exploiting them.

Modern applications are essentially all API-driven, and they frequently expose confidential and proprietary information through these North-south APIs as the company communicates with partners, suppliers, and other users. This presents a new attack surface that puts businesses at risk in a new and fundamentally different way. Conventional application security techniques are largely irrelevant against API exploits and abuses. However, Neosec’s new and innovative AI-based API Security Platform is an ideal solution to help businesses address these new API-based threats. Designed specifically to discover and secure all APIs used across the organization, without agents or sensors, Neosec gives security professionals visibility and control over their API infrastructure—preventing abuses and cyberattacks.

Organizations that contract with Cybrella for CISO as a Service, Application Security, or other cybersecurity services, can now benefit from Neosec’s innovative AI-based API security. This new partnership adds the following advantages for Cybrella customers:

• API Discovery: Locate API usage across the entire enterprise, including those previously unknown.
• Pinpoint Vulnerabilities: Identify those API’s within the organization that have vulnerabilities, misconfigurations, or that exhibit other risks.
• Fraud Reduction: Find unauthorized use or abuse of financial and other transactions.
• Prevent Data Leakage: Detect data exfiltration and regulatory compliance violations.
• Improved Customer Experience: Improve partner and customer experiences through better API performance and a reduction in errors.
• Cloud-Based and Seamless Integration: An open and extensible SaaS solution that layers on top of your enterprise core security stack to provide a total integrated solution.
• Implemented and Managed by Cybrella’s Experts: Cybrella’s Application Security and CISO as a Service packages remove the complexities of installation and on-going administration.

Application Security Services and Advisory CISO Services

Cybrella provides the deep security skill sets that organizations typically lack, and engages with existing staff to properly assess security needs, develop appropriate policies, and clearly define responsibilities. The company works closely with its clients and educates their employees in the process of developing and maintaining secure applications, including the use of APIs. In addition to Application Security Services, Cybrella’s Advisory CISO Service provides customers who lack in-house expertise with a dedicated CISO that operates as an integral part of their organization. The newly added API protection available through the Neosec partnership greatly contributes to both services. The Neosec platform adds an entirely new and powerful dimension to application security and provides CISOs and other network defenders with the visibility required to secure all of their API based interactions.

With these optimized security services and the Neosec platform, businesses can get the most out of every corporate dollar.